| 1.1.3.9.7 Configure 'MSS: (TcpMaxDataRetransmissions) How many times unacknowledged data is retransmitted (3 recommended, 5 is default)' | CIS Windows 8 L1 v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.2.2 Verify Red Hat GPG Key is Installed | CIS Red Hat Enterprise Linux 5 L1 v2.2.1 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| 1.6.1 Ensure Syslog Logging is configured | CIS Cisco NX-OS L2 v1.1.0 | Cisco | AUDIT AND ACCOUNTABILITY |
| 1.6.1.4 Ensure SETroubleshoot is not installed | CIS Amazon Linux v2.1.0 L2 | Unix | CONFIGURATION MANAGEMENT |
| 2.1 Enable Secure Admin Access - 'autologout.telnet.timeout <= 5' | TNS NetApp Data ONTAP 7G | NetApp | ACCESS CONTROL |
| 2.1.8 Set 'no service pad' | CIS Cisco IOS 15 L1 v4.1.1 | Cisco | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.2.2 Ensure X Window System is not installed | CIS Amazon Linux v2.1.0 L1 | Unix | CONFIGURATION MANAGEMENT |
| 2.4.4 - CDE - remote GUI login disabled | CIS AIX 5.3/6.1 L2 v1.1.0 | Unix | ACCESS CONTROL |
| 2.4.5 Disable Remote Login | CIS Apple OSX 10.10 Yosemite L1 v1.2.0 | Unix | ACCESS CONTROL |
| 2.7 Only enable Kerberos-related daemons if absolutely necessary (kadmind5_server_enable) | CIS FreeBSD v1.0.5 | Unix | CONFIGURATION MANAGEMENT |
| 2.7 Only enable Kerberos-related daemons if absolutely necessary (kerberos5_enable) | CIS FreeBSD v1.0.5 | Unix | CONFIGURATION MANAGEMENT |
| 2.7 Only enable Kerberos-related daemons if absolutely necessary (kpasswdd_server_enable) | CIS FreeBSD v1.0.5 | Unix | CONFIGURATION MANAGEMENT |
| 4.2.4 Enable AI /heuristic based malware detection | CIS Fortigate 7.0.x v1.3.0 L2 | FortiGate | SYSTEM AND INFORMATION INTEGRITY |
| 4.5.3 Ensure password reuse is limited | CIS Amazon Linux 2023 Server L1 v1.0.0 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 5. OpenStack Compute - Policy.json - 'os_compute_api:os-migrate-server:migrate_live' | TNS OpenStack Nova/Compute Security Guide | Unix | ACCESS CONTROL |
| 5.3.1 Ensure X-Frame-Options header is configured and enabled | CIS NGINX Benchmark v2.1.0 L1 Webserver | Unix | SYSTEM AND SERVICES ACQUISITION |
| 5.3.2 Ensure X-Content-Type-Options header is configured and enabled | CIS NGINX Benchmark v2.1.0 L1 Webserver | Unix | SYSTEM AND SERVICES ACQUISITION |
| 5.5.3 Ensure password reuse is limited | CIS Fedora 28 Family Linux Server L1 v2.0.0 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 5.5.3 Ensure password reuse is limited | CIS Fedora 28 Family Linux Workstation L1 v2.0.0 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 5.5.3 Ensure password reuse is limited | CIS CentOS Linux 8 Workstation L1 v2.0.0 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 5.5.3 Ensure password reuse is limited | CIS CentOS Linux 8 Server L1 v2.0.0 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 6.1 Setup Client-cert Authentication | CIS Apache Tomcat 8 L2 v1.1.0 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 6.1 Setup Client-cert Authentication | CIS Apache Tomcat 8 L2 v1.1.0 Middleware | Unix | IDENTIFICATION AND AUTHENTICATION |
| 6.6.1.3 Ensure Minimum Backoff Factor of 5 | CIS Juniper OS Benchmark v2.1.0 L1 | Juniper | ACCESS CONTROL |
| 7.6 Remove the X wrapper and enable xdm | CIS FreeBSD v1.0.5 | Unix | CONFIGURATION MANAGEMENT |
| 7.10 Repairing permissions is no longer needed | CIS Apple macOS 10.12 L1 v1.2.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| BIND-9X-001320 - The core BIND 9.x server files must be owned by the root or BIND 9.x process account. | DISA BIND 9.x STIG v2r3 | Unix | CONFIGURATION MANAGEMENT |
| CIS Control 5 (5.1) Establish Secure Configurations | CAS Implementation Group 1 Audit File | Unix | CONFIGURATION MANAGEMENT |
| CIS_IBM_DB2_10_v1.1.0_Level_1_OS_Windows.audit from CIS DB2 10.x Windows OS | CIS IBM DB2 v10 v1.1.0 Windows OS Level 1 | Windows | |
| CIS_IBM_DB2_10_v1.1.0_Level_2_OS_Windows.audit from CIS DB2 10.x Windows OS | CIS IBM DB2 v10 v1.1.0 Windows OS Level 2 | Windows | |
| CIS_mongodb_5_Benchmark_Level_1_OS_Linux_v1.2.0.audit from CIS MongoDB 5 Benchmark | CIS MongoDB 5 L1 OS Linux v1.2.0 | Unix | |
| CIS_MongoDB_5_Benchmark_Level_1_OS_Windows_v1.2.0.audit from CIS MongoDB 5 Benchmark | CIS MongoDB 5 L1 OS Windows v1.2.0 | Windows | |
| CIS_MongoDB_5_Benchmark_Level_2_OS_Linux_v1.2.0.audit from CIS MongoDB 5 Benchmark | CIS MongoDB 5 L2 OS Linux v1.2.0 | Unix | |
| CIS_MongoDB_5_Benchmark_Level_2_OS_Windows_v1.2.0.audit from CIS MongoDB 5 Benchmark | CIS MongoDB 5 L2 OS Windows v1.2.0 | Windows | |
| DTAVSEL-002 - The McAfee VirusScan Enterprise for Linux 1.9.x/2.0.x must be configured to receive automatic updates. | McAfee Virus Scan Enterprise for Linux 1.9x/2.0x Local Client v1r6 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| DTAVSEL-002 - The McAfee VirusScan Enterprise for Linux 1.9.x/2.0.x must be configured to receive automatic updates. | McAfee Virus Scan Enterprise for Linux 1.9x/2.0x Managed Client v1r5 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| DTAVSEL-003 - The McAfee VirusScan Enterprise for Linux 1.9.x/2.0.x must be configured to enable On-Access scanning. | McAfee Virus Scan Enterprise for Linux 1.9x/2.0x Managed Client v1r5 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| DTAVSEL-003 - The McAfee VirusScan Enterprise for Linux 1.9.x/2.0.x must be configured to enable On-Access scanning. | McAfee Virus Scan Enterprise for Linux 1.9x/2.0x Local Client v1r6 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| DTAVSEL-301 - Access to the McAfee VirusScan Enterprise for Linux 1.9.x/2.0.x Web UI must be enforced by firewall rules. | McAfee Virus Scan Enterprise for Linux 1.9x/2.0x Local Client v1r6 | Unix | CONFIGURATION MANAGEMENT |
| DTOO139 - The Save commands default file format must be configured. | DISA STIG Microsoft Word 2016 v1r1 | Windows | CONFIGURATION MANAGEMENT |
| Fortigate - Inactivity timeout - 'console' <= 300 | TNS Fortigate FortiOS Best Practices v2.0.0 | FortiGate | ACCESS CONTROL |
| MD4X-00-006600 - MongoDB must be configured in accordance with the security configuration settings based on DoD security configuration and implementation guidance, including STIGs, NSA configuration guides, CTOs, DTMs, and IAVMs. | DISA STIG MongoDB Enterprise Advanced 4.x v1r4 OS | Unix | CONFIGURATION MANAGEMENT |
| RHEL-06-000068 - The system boot loader must require authentication - BIOS | DISA Red Hat Enterprise Linux 6 STIG v2r2 | Unix | ACCESS CONTROL |
| RHEL-06-000068 - The system boot loader must require authentication - UEFI | DISA Red Hat Enterprise Linux 6 STIG v2r2 | Unix | ACCESS CONTROL |
| SonicWALL - Flood Protection - TCP - Timeout <= 5 minutes | TNS SonicWALL v5.9 | SonicWALL | SYSTEM AND COMMUNICATIONS PROTECTION |
| SonicWALL - PW Policy - Lockout Duration - >= 5 minutes | TNS SonicWALL v5.9 | SonicWALL | ACCESS CONTROL |
| User Authentication Security - Configure login security options to hinder password guessing attacks - backoff-factor | Juniper Hardening JunOS 12 Devices Checklist | Juniper | ACCESS CONTROL |
| WBLC-05-000177 - Oracle WebLogic must utilize FIPS 140-2 approved encryption modules when authenticating users and processes - JAVA_OPTIONS | Oracle WebLogic Server 12c Linux v2r1 | Unix | IDENTIFICATION AND AUTHENTICATION |
| WBLC-05-000177 - Oracle WebLogic must utilize FIPS 140-2 approved encryption modules when authenticating users and processes - JAVA_OPTIONS | Oracle WebLogic Server 12c Windows v2r1 | Windows | IDENTIFICATION AND AUTHENTICATION |
| WBLC-05-000177 - Oracle WebLogic must utilize FIPS 140-2 approved encryption modules when authenticating users and processes - PRE_CLASSPATH | Oracle WebLogic Server 12c Linux v2r1 | Unix | IDENTIFICATION AND AUTHENTICATION |
